OnlyTrade — Legal

Privacy Policy

This Privacy Policy explains how OnlyTrade collects, uses, and protects personal data through its platform and website. OnlyTrade is a business-to-business technology provider; this policy reflects that role.

Last updated: 4 June 2026 · Effective: 4 June 2026
Draft for legal review. This document is a working draft prepared for internal use. It must be reviewed and approved by qualified legal counsel (Dedalos Enterprises) before publication. Bracketed orange fields must be completed or confirmed.

01Who We Are

OnlyTrade is a trading technology platform and website ("OnlyTrade", "we", "us", or "our"). The platform and website are operated by the company identified in our Terms & Conditions [link to T&C], which is established in the Republic of Cyprus.

For the purposes of the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the Cyprus Law 125(I)/2018 on the Protection of Natural Persons with regard to the Processing of Personal Data, OnlyTrade is the data controller in respect of the personal data described in this policy, except where Section 6 states that we act as a data processor.

OnlyTrade is a technology provider, not a broker. We do not hold client funds, execute trades for our own account, or provide financial, investment, or trading advice. Trading activity made available through the platform is operated by our business clients (prop firms and brokers) under their own regulatory frameworks and licenses.

02Scope & Our Role

This policy applies to personal data we process in the following contexts:

  • Website visitors — people who browse our marketing website, including pages describing the platform, features, and pricing.
  • Business enquiries — representatives of prop firms, brokers, and other organisations who contact us, request a quote, or go through our B2B onboarding process.
  • Client and partner personnel — named users at our business clients and partners who access administrative or operator-facing areas of the platform.

Separately, where prop firms and brokers use OnlyTrade to operate trading services for their own end traders, we process those end traders' data on behalf of and under the instructions of the relevant prop firm or broker. In that context our client is the controller and we are a processor — see Section 6.

03Data We Collect

Information you provide to us

  • Contact and identification data — name, business email, job title, company name, and website, for example when you request a custom quote or complete our onboarding form.
  • Business profile data — your organisation type (existing broker, existing prop firm, intending to launch a brokerage or prop firm) and whether you operate your own platform.
  • Communications — the content of messages, support requests, and correspondence you send us.

Information collected automatically

  • Technical data — IP address, browser type and version, device identifiers, operating system, and similar diagnostic data.
  • Usage data — pages visited, referring URLs, time spent, and interactions with our website, collected via cookies and similar technologies (see Section 11).

Information from third parties

We may receive limited business-contact information from publicly available sources or business-data providers for the purpose of B2B outreach, where permitted by applicable law.

We do not knowingly collect data from individuals under 18, and the platform and website are intended for business and professional use only.

04How & Why We Use Data

As a controller, we use personal data to:

  1. 1Respond to enquiries, provide quotes, and manage the B2B onboarding process.
  2. 2Provide, maintain, and improve the OnlyTrade platform and website, and provide technical support to our clients and partners.
  3. 3Manage our contractual relationships with clients, partners, and suppliers.
  4. 4Carry out business-to-business marketing about our products and services, subject to applicable law and your right to object.
  5. 5Analyse website performance and usage to improve functionality and user experience.
  6. 6Detect, prevent, and address fraud, abuse, security incidents, and technical issues.
  7. 7Comply with legal, regulatory, accounting, and reporting obligations.

06Platform Data & Our Role as Processor

When a prop firm or broker uses OnlyTrade to operate trading services for its own end traders, that client determines the purposes and means of processing the end traders' personal data. In that relationship:

  • The prop firm or broker is the data controller.
  • OnlyTrade acts as a data processor, processing such data only on documented instructions from the client and under a data processing agreement that meets the requirements of Article 28 GDPR.

If you are an end trader of a prop firm or broker that uses OnlyTrade, the privacy notice of that prop firm or broker — not this policy — governs how your data is handled. Requests to exercise your rights in relation to that data should be directed to them as controller; we will support them in responding as required by law.

07Sharing & Sub-Processors

We do not sell personal data. We share it only as necessary with:

  • Service providers and sub-processors who support our operations, such as cloud hosting, infrastructure, and analytics providers, under contracts that require appropriate safeguards.
  • Technology partners integrated into the platform, including TradingView (charting), Finnhub (market data), and DashProp (back-office technology), to the extent required to deliver the relevant functionality.
  • Professional advisers such as legal, accounting, and audit firms, where necessary.
  • Authorities and regulators where required by law, or to establish, exercise, or defend legal claims.
  • Acquirers in connection with any merger, acquisition, or reorganisation, subject to appropriate confidentiality protections.

A current list of our principal sub-processors is available on request at support@onlytradeplatform.com.

08International Transfers

We are based in Cyprus and primarily process data within the European Economic Area (EEA). Where personal data is transferred to a country outside the EEA that does not benefit from an adequacy decision, we put in place appropriate safeguards, such as the European Commission's Standard Contractual Clauses, together with supplementary measures where necessary. You may request a copy of the relevant safeguards using the contact details below.

09Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, tax, or reporting requirements, and to establish or defend legal claims. Indicative retention periods:

  • Enquiry and prospect data: up to 24 months from your last contact with us.
  • Client and contractual records: for the duration of the contract and for 6 years thereafter, in line with Cyprus limitation and tax record-keeping requirements.
  • Website analytics data: up to 14 months.

When data is no longer needed, we securely delete or anonymise it.

10Security

We implement appropriate technical and organisational measures to protect personal data against accidental loss and unauthorised access, alteration, or disclosure. These include encryption in transit and at rest, access controls on a need-to-know basis, and confidentiality obligations on personnel and providers. No method of transmission or storage is completely secure; where a personal data breach is likely to result in a risk to your rights, we will notify the competent authority and, where required, affected individuals in accordance with applicable law.

11Cookies & Analytics

Our website uses cookies and similar technologies. Strictly necessary cookies are used to operate the site and do not require consent. Non-essential cookies — including analytics and performance cookies — are set only with your consent, which you can give or withdraw at any time through our cookie banner or settings. For details of the specific cookies we use, see our Cookie Notice [link to be added].

12Your Rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you.
  • Request rectification of inaccurate or incomplete data.
  • Request erasure of your data in certain circumstances.
  • Restrict or object to certain processing, including direct marketing.
  • Request portability of data you provided to us.
  • Withdraw consent at any time, without affecting prior lawful processing.

To exercise any of these rights, contact us using the details in Section 14. We will respond within the timeframe required by law. You also have the right to lodge a complaint with the Cyprus Commissioner for Personal Data Protection (www.dataprotection.gov.cy), or with the supervisory authority in your country of residence.

13Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the "Last updated" date above. Where changes are material, we will take reasonable steps to notify you.

14Contact

For any questions about this policy or to exercise your rights, contact us at:

OperatorOnlyTrade (entity identified in our Terms & Conditions)
AddressAgias Elenis 4, Michaelides Building, 1st floor, Flat/Office 104, 1060 Nicosia, Cyprus
Privacy contactsupport@onlytradeplatform.com